KR102093010B1 - Node device, operation method baed on block chain and system for processing data - Google Patents

Abstract

The present invention relates to a method of generating a block of data that constitutes a block chain and is shared among a plurality of nodes. In one embodiment of the present invention, obtaining at least one binding data having public or private properties; Determining a binding key having a decryption authority level for each binding data; Encrypting the binding data using the binding key; And generating a data block including at least a portion of the encrypted binding data and the binding key.

Description

Node device based on blockchain, operation method of node device and data processing system {NODE DEVICE, OPERATION METHOD BAED ON BLOCK CHAIN AND SYSTEM FOR PROCESSING DATA}

The present invention relates to a blockchain technology, and more particularly, to a node device based on a blockchain, a method of operating the node device, and a system including the node device.

A general data management system stores and manages data or files in a cloud storage using a centralized server, and users access or request data or files from the cloud storage. In this case, not only mass storage devices are required, but a centralized server for managing them is required, and system design and maintenance can be complicated. In addition, when the data or file contains personal information of a user, such information cannot be modified and updated, so a large security incident may occur when the server is leaked or copied, and a centralized server in which data is concentrated If is hacked, the stored data may be forged or falsified and distributed.

Recently, a block chain called a public transaction ledger has been developed to solve the weak security problems caused by traditional information distribution methods such as a centralized server. The blockchain is a technology in which data is distributed and stored by a plurality of nodes participating in an open network, and authentication nodes jointly store data and verify data to solve the problem of forged or falsified data distributed by hacking. You can.

In general, the data blocks that make up the blockchain store data, such as transaction history generated over time, through encryption using a hash function, and data blocks connected to each other in chains are exposed and shared by all nodes participating in the open network. You can. Therefore, even if an arbitrary node tries to use only some data in a data block, since the entire data block needs to be decoded, processing time for the data block increases, and hardware demand performance and network traffic for processing the data block increase. You can.

Each block of data constituting the block chain stores a block hash value. The block hash value is a value used for block verification, and the corresponding node can verify the data block by decrypting all data contained in the data block and extracting the hash value of the decrypted data and comparing it with the block hash value stored in the data block. have. As the amount of data stored in the data block increases, the data decoding time increases, which may cause a problem that the computer resource is excessively consumed.

The technical problem to be achieved by the present invention is to reduce network traffic demand, reduce processing time for data blocks, reduce hardware resources, and improve the verification time of data blocks. It is intended to provide.

In addition, another technical problem to be achieved by the present invention is to provide a method for generating a data block having the above-described advantages.

A method of generating a data block according to an embodiment of the present invention includes: obtaining at least one binding data having public or private characteristics; Determining a binding key having a decryption authority level for each binding data; Encrypting the binding data using the binding key; And generating a data block including at least a portion of the encrypted binding data and the binding key.

In one embodiment, the data block includes a header area including index information indicating the type of the at least one binding data, a public area in which a hash value of the at least one binding data stored in the data block is stored, and the encryption It may include a binding area in which at least a portion of the binding data and the binding key is stored, and a private area in which encrypted private data is stored.

In one embodiment, the header area includes at least one of a hash value of the encrypted private area, at least a portion of a first public key that restricts access of an unauthorized node to the data block, and an integrity verification number of the data block It may further include.

In one embodiment, the public area includes a second public key including public data including type information regarding a type of information records included in the data block and at least a part of an encryption key for decrypting the public data. It may include.

In one embodiment, the second public key can be used to verify the first public key retrieved from at least a portion of the first public key. For example, the second public key may include at least a part or all of the searched first public key.

In an embodiment, the method may further include storing at least one extension data in the binding area of the data block. For example, the binding key corresponds to a decryption authorization level, and the at least one extended data may be encrypted according to the decryption authorization level.

In one embodiment, the step of additionally storing the extended data includes: storing index information indicating the type of the extended data in the header area; And storing the hash value of the extended data in the public area.

In one embodiment, the step of reducing the data block may further include generating a derived data block. For example, in the generating of the derived data block, the selected binding data among the at least one binding data stored in the binding area of the data block and a binding key corresponding to the selected data are stored in the derived binding data area. step; Storing modified index information indicating the type of the selected binding data in a derived header area; The method may include storing the modified hash value of the selected binding data in a derived public area.

In one embodiment, the index information may include at least one of finance, health, insurance, education, and finance.

A method for processing a data block according to an embodiment of the present invention includes: encrypted data including at least one binding data having public or private characteristics and at least a portion of a binding key having a decryption authority level for each binding data Receiving a block; Checking the binding data accessible according to a decryption authority level for the binding data; Extracting at least a portion of a binding key for the identified binding data; And decrypting the binding data using at least a portion of the extracted binding key.

In one embodiment, decrypting the binding data using at least a portion of the extracted binding key may include: retrieving the entire contents of the binding key from at least a portion of the extracted binding key; And decrypting the binding data using the retrieved binding key.

In one embodiment, the method of processing the data block includes index information indicating the type of the at least one binding data, a hash value of the encrypted private area, and a first public key that restricts access of the unauthorized node to the data block Decoding a header area including at least a portion of at least a portion of the data block and the number of verifying integrity of the data block; And public data including a hash value of the binding area matching the type of information included in the data block and the type of information based on the information of the decoded header area, and encryption for decoding the public data. The method may further include decrypting the public area including the second public key including at least a portion of the key. In one embodiment, the method further includes retrieving the entire contents of the first public key from at least a portion of the first public key, wherein at least a portion of the retrieved first public key and at least a portion of the second public key are retrieved. In comparison, the method may further include verifying the retrieved first public key.

In one embodiment, the method of processing the data block may further include determining the type of the binding data through the index information.

In one embodiment, the method of processing the data block may further include identifying a type of the information record included in the data block.

In one embodiment, the method of processing the data block may further include verifying the decrypted binding data by comparing the hash value of the binding region with the hash value of the decrypted binding data.

In one embodiment, the method of processing the data block may further include the step of additionally storing at least one extended data in the binding area of the data block. For example, the binding key corresponds to a decryption authorization level, and the at least one extended data may be encrypted according to the decryption authorization level.

In one embodiment, the step of additionally storing the extended data includes: storing index information indicating the type of the extended data in the header area; And storing the hash value of the extended data in the public area.

In one embodiment, the method of processing the data block may further include generating a derived data block by reducing the data block. For example, in the generating of the derived data block, the selected binding data among the at least one binding data stored in the binding area of the data block and a binding key corresponding to the selected data are stored in the derived binding data area. step; Storing modified index information indicating the type of the selected binding data in a derived header area; The method may include storing the modified hash value of the selected binding data in a derived public area.

In one embodiment, the method of processing the data block may further include decoding and verifying at least one binding data among binding data stored in the binding area of the data block.

A node device or data processing system using a structure of a data block according to an embodiment of the present invention multiplexes decryption rights for encrypted information in the data block structure, and the data block structure includes a header area, a public area, and a binding Includes an area and a private area, the header area includes at least a portion of an index information indicating the type of the binding area, a hash value of the private area, and a first public key that restricts access of an unauthorized node to the data block, and Public data including at least one of the number of times of verifying the integrity of the data block, and the public area including public information including type information on the type of information records included in the data block, and at least an encryption key for decrypting the public data Second public containing some And at least one of a hash value of the binding region matching the key and the type information, wherein the binding region sets at least one binding data having public or private characteristics and a decryption authority level for the at least one binding data. And at least one binding key, the at least one binding data and the at least one binding key are paired, and the private region is a private data decryptable by the node device and a hash of the private data. It can contain values.

A data block processing node according to an embodiment of the present invention includes a memory; And at least one processor. For example, the processor receives an encrypted data block including at least one binding data having public or private characteristics and at least a portion of a binding key having a decryption authority level for each binding data, and the binding Check the accessible binding data according to the decryption authority level for data, extract at least a portion of the binding key for the identified binding data, and decrypt the binding data using at least a portion of the extracted binding key You can.

In one embodiment, the processor may retrieve the entire contents of the binding key from at least a portion of the extracted binding key, and decrypt the binding data using the retrieved binding key.

In one embodiment, the processor includes at least a portion of index information indicating the type of the at least one binding data, a hash value of the encrypted private area, and a first public key that restricts access of the unauthorized node to the data block. , And decoding a header area including at least one of the number of times of integrity verification of the data block, and matching the type of information and the type of information included in the data block based on the information of the decoded header area. A public area including a second public key including at least a part of an encryption key for decrypting the public data and public data including a hash value of the binding area.

In one embodiment, the processor retrieves the entire contents of the first public key from at least a portion of the first public key, and compares at least a portion of the retrieved first public key with at least a portion of the second public key Thus, the retrieved first public key can be verified.

In one embodiment, the processor may check the type of the binding data through the index information.

In one embodiment, the processor may check the type of information record included in the data block.

In one embodiment, the processor may verify the decrypted binding data by comparing the hash value of the binding region with the hash value of the decrypted binding data.

In one embodiment, the processor may additionally store at least one extended data in the binding area of the data block. Further, the binding key corresponds to a decryption authorization level, and the at least one extension data can be encrypted according to the decryption authorization level.

In one embodiment, the processor may store index information indicating the type of the extended data in the header area and a hash value of the extended data in the public area.

In one embodiment, the processor shrinks the data block to generate a derived data block, and the selected binding data among the at least one binding data stored in the binding area of the data block and a binding key corresponding to the selected data May be stored in the derived binding data area, modified index information indicating the selected binding data type in the derived header area, and a modified hash value of the selected binding data may be stored in the derived public area.

In one embodiment, the processor may decrypt and verify at least one of the binding data stored in the binding area of the data block.

A data processing system shared among a plurality of nodes according to an embodiment of the present invention acquires at least one binding data having public or private characteristics, and a binding key having a decryption authority level for each binding data. A data block generation node for determining, encrypting the binding data using the binding key, and generating a data block including the encrypted binding data and at least a portion of the binding key; And at least a portion of a binding key having at least one binding data having the public or private property and a decryption authorization level for each binding data, and a decryption authorization level for the binding data. And a data block processing node that checks the binding data accessible according to, extracts at least a portion of the binding key for the identified binding data, and decrypts the binding data using at least a portion of the extracted binding key. can do.

According to an embodiment of the present invention, by multiplexing the decryption authority for the encrypted information in the data block, the network traffic demand is reduced, the processing time for the data block is reduced, the hardware resource is reduced, and the verification time of the data block A node device may be provided that improves.

In addition, according to another embodiment of the present invention, a method for generating a data block for easily generating a data block having the above advantages can be provided.

In addition, according to another embodiment of the present invention, it is possible to divide and recombine data blocks based on the multiplexed decryption authority level, thereby reducing the amount of hardware resources required for data decryption and verification and network resources due to data block transmission. I can do it.

1 shows a data processing system based on a blockchain according to an embodiment of the present invention.
2 is a diagram showing the configuration of a blockchain according to an embodiment of the present invention.
3 is a diagram showing the configuration of a data block according to an embodiment of the present invention.
4 is a diagram illustrating access authority for each node of a data block according to an embodiment of the present invention.
5A is an exemplary diagram for explaining an operation of adding binding data in a data block according to an embodiment of the present invention, and FIG. 5B is an exemplary diagram for explaining an operation for deleting binding data in a data block, and FIG. 5C Is an exemplary diagram for explaining an operation of replicating a data block, and FIG. 5D is an exemplary diagram for explaining an integrated operation of a data block.
6 is a block diagram showing the configuration of a node according to an embodiment of the present invention.
7 is a flowchart illustrating an operation of generating a data block according to an embodiment of the present invention.
8 is a flowchart illustrating an operation of decoding a data block according to an embodiment of the present invention.
9 is a flowchart illustrating an operation of providing a data block according to an embodiment of the present invention.
10 is a flowchart illustrating an operation of verifying a data block according to an embodiment of the present invention.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings.

The embodiments of the present invention are provided to more fully describe the present invention to those of ordinary skill in the art, and the following embodiments can be modified in various other forms, and the scope of the present invention is as follows. It is not limited to the Examples. Rather, these examples are provided to make the present invention more faithful and complete, and to fully convey the spirit of the present invention to those skilled in the art.

In addition, in the following drawings, the thickness or size of each layer is exaggerated for convenience and clarity of description, and the same reference numerals in the drawings refer to the same elements. As used herein, the term “and / or” includes any and all combinations of one or more of the listed items.

The terminology used herein is used to describe a specific embodiment and is not intended to limit the present invention. As used herein, singular forms may include plural forms unless the context clearly indicates otherwise. Also, as used herein, “comprise” and / or “comprising” specifies the shapes, numbers, steps, actions, elements, elements and / or the presence of these groups. And does not exclude the presence or addition of one or more other shapes, numbers, actions, elements, elements and / or groups.

Although the terms first, second, etc. are used herein to describe various members, parts, regions, layers and / or parts, these members, parts, regions, layers and / or parts are defined by these terms It is obvious that not. These terms are only used to distinguish one member, part, region, layer or portion from another region, layer or portion. Accordingly, the first member, component, region, layer or portion described below may refer to the second member, component, region, layer or portion without departing from the teachings of the present invention.

Hereinafter, embodiments of the present invention will be described with reference to the drawings schematically showing ideal embodiments of the present invention. In the drawings, for example, the size and shape of members may be exaggerated for convenience and clarity of description, and in actual implementation, deformations of the illustrated shape can be expected. Accordingly, embodiments of the present invention should not be construed as limited to the specific shapes of the members or regions shown herein. Hereinafter, various embodiments of the present invention will be described with reference to the drawings.

1 shows a data processing system 10 based on a blockchain (BC) according to an embodiment of the present invention.

Referring to FIG. 1, the data processing system 10 includes a plurality of nodes, such as a first client node CN1, a second client node CN2, and a server node SN, and the first client node CN1 ), The second client node CN2 and the server node SN may be connected to the network NW. In FIG. 1, it has been exemplified that two client nodes CN1 and CN2 and one server node SN are connected to the network NW, but two or more client nodes and one or more server nodes SN are connected to the network ( NW). In the present invention, the server node SN refers to a node that includes the entire data block DB in the blockchain BC, and the client nodes CN1 and CN2 each store only data blocks that contain information necessary for them. Node.

Each node may have the same configuration or different configurations. In one embodiment, each node in the data processing system 10 may include a block generation unit 602, a storage unit 604, and a communication unit 606, as described below with reference to FIG. Tablet PCs, Laptops, Personal Computers (PCs), Portable Multimedia Players (PMPs), Wireless Communication Terminals, Smartphones, and Mobile Communication Terminals (Mobile Communication Terminal).

In one embodiment, the server node SN may store at least one blockchain BC in which a plurality of data blocks DB are chained to each other like a chain. For example, one first data block DB includes three binding data BD-1, BD-2, and BD-3, and the other second data block includes one binding data BD4. The first data block DB and the second data block DB may be connected in a chain. In one embodiment, the chain connection is performed between the first data block DB and the second data block DB by allowing the second data block DB to include information on the block hash value of the first data block DB. It can mean having a connection to.

In one embodiment, each data block DB constituting the block chain BC includes at least one binding data (BD-1, BD-2, BD-3, BD-4) having an authorization level. In addition, the binding data (BD-1, BD-2, BD-3, BD-4) can be decrypted only by nodes having an authorization level. For example, the binding data may include at least one of at least one public data designated to be publicly available and at least one private data designated to be non-publical. In one embodiment, the server node SN may receive the data blocks DB generated by the client nodes CN1 and CN2 and connect them over time to generate and store the blockchain BC. However, this is only an example, and the present invention is not limited thereto. For example, the server node SN may receive and store the respective blockchains BC generated by the client nodes CN1 and CN2.

In one embodiment, the server node SN is configured to store a stored block chain BC or at least some data blocks DB constituting the block chain BC in response to requests from at least one client node CN1, CN2. It may be transmitted to the first client node CN1 and / or the second client node CN2.

In one embodiment, the first client node CN1 and the second client node CN2 may generate a data block DB that is an element of the blockchain BC. In one embodiment, each data block DB, as described below with reference to FIG. 2, may include binding data BD to which an authorization level has been granted to enable decoding at a specific node. The binding data BD to which the authority level has been granted may be encrypted such that only nodes having a specified authority level among nodes included in the data processing system 10 can read and write. Specifically, by multiplexing the decryption rights for the binding data (BD) in the data block, nodes having the corresponding permission level can decrypt the corresponding binding data (BD).

In one embodiment, at least one node of the first client node CN1 and the second client node CN2 may extract and store some data blocks DB of the blockchain BC stored in the server node SN. have. For example, as shown, the first client node CN1 has binding data (eg, BD-1 and BD-) corresponding to its authorization level from the entire data block DB in the blockchain BC. 3) extract and store the data block (DB1), or request binding data (for example, BD-1 and BD-3) corresponding to their authority level to the server node SN, for example, binding data (for example For example, a data block DB1 including BD-1 and BD-3) may be stored. Similarly, the second client node CN2 is a data block including binding data (for example, BD-2 and BD-4) corresponding to its authorization level from the entire data block DB in the blockchain BC. (DB2), or request binding data (e.g., BD-2 and BD-4) corresponding to their authority level to the server node SN and bind data (e.g., BD-4 and BD) A data block DB2 including -4) may be stored.

In addition, a new data block BD may be added in the block chain BC stored in the server node SN of FIG. 1, or may be further added to new binding data in the data block BD (FIG. 5A), and the server node The existing data block BD may be deleted in the block chain BC stored in the SN, or may be deleted in the existing binding data in the data block BD (FIG. 5B), and the block chain stored in the server node SN ( Some binding data is copied from the data block BD in BC) to generate new block data (hereinafter referred to as reduced replication, FIG. 5C), and a data block in the block chain BC stored in the server node SN. Only partial binding data can be extracted from (BD) to generate new block data (hereinafter referred to as partitioning, FIG. 5D). In another embodiment, as shown in FIG. 5E to be described later, two data blocks may be merged into one data block.

In the implementation, the first blockchain BC among the plurality of blockchains BC may be a blockchain (BC) operated by a financial company, and the second blockchain (BC) is a blockchain (BC) operated by an insurance company It may be, the third blockchain (BC) may be a blockchain (BC) operating in a hospital, the fourth blockchain (BC) may be a blockchain (BC) operating in a government office. Each of these block chains (BC) can be divided by a data transmission / reception protocol between each node, and through adjustment of the protocol, the first block chain (BC) of the financial company is the second block chain (BC) and the third block chain. It may be chained with at least one data block (BD) extracted from the (BC), the fourth block chain (BC), or a combination thereof.

As described above, by accommodating public data or non-public data in the area of the binding data BD in the data block DB, it is possible to simultaneously accommodate important information that should not be disclosed in the blockchain structure and information that needs to be disclosed. . In addition, the addition or deletion of the binding data BD in the data block DB, the addition or deletion of the data block DB in the block chain BC, the merging of the data block DB in the block chain BC, the data block By reducing and replicating (DB) and partitioning, data blocks can be flexibly used. In addition, by extracting a portion of the original data block and generating a data block that is reduced and generated according to the purpose, it is possible to reduce the network traffic demand according to the block transmission and reduce hardware resources.

In addition, by multiplexing the decryption authority for the encrypted binding data in the data block, the node storing the specific data block (DB) decrypts only the part of the blockchain when decrypting the data block (DB), thereby decrypting the entire existing blockchain. In comparison with the case, the processing time of the data block can be reduced and the verification time of the data block can be improved. Due to this, it is possible to reduce the required amount of hardware resources for data decoding and verification and network resources according to data block transmission.

In addition, by distinguishing the owners of data blocks (e.g., financial companies, insurance companies, hospitals), it is possible to additionally implement a data transaction system within the blockchain, and hardware for data mining by providing a public key that is only partially public rather than fully public Reduce resource requirements.

In addition, by using the hash value of the encrypted area in the data block for chain connection, it is possible to find a block containing the desired data before decrypting the block or to implement the integrity of the decrypted data in a simple process.

2 is a block diagram of a block chain (BC) according to an embodiment of the present invention.

Referring to FIG. 2, the block chain BC is formed by connecting a plurality of data blocks DB in a chain form, and each data block DB uniquely identifies the binding data BD and the binding data BD. It may include a hash value (BDH) expressed as a value. Also, each data block can store its own block hash value. For example, its block hash value may be determined by a hash function using the hash value of the binding data BD of the previous data block and the binding data in its data block as inputs. However, this is only exemplary, and the present invention is not limited thereto. For example, since the data blocks that make up a typical blockchain also contain the hash value of the previous block, each data block in the blockchain can be connected to each other like a chain, and the hash value of the previous block is used to generate the block hash. Can be used. Also, the data block may further include a nonce value and a time stamp.

In one embodiment, the block chain (BC) can be divided for each node. For example, blocks DB generated by a first client node (see CN1 in FIG. 1) are connected to a first blockchain defined as a first client node, and a second client node (see CN2 in FIG. 1). Blocks generated by may be connected to a second blockchain defined as a second client node. Also, the blockchain may not distinguish nodes. For example, one blockchain is defined in the data processing system 10, and blocks generated at each node may be sequentially connected to the blockchain according to the creation time.

3 is a diagram showing the configuration of a data block DB according to an embodiment of the present invention.

Referring to FIG. 3, the data block DB may be composed of a header area HA, a public area P _B A, a binding area BA, and a private area P _R A, and the binding data BD may be able to be decrypted by the node that has the specified permission level, and private data (P _R D) is private data (P _R D), only the first node of the generated data block (DB) decoding. However, the present invention is not limited to these, and the private data (P _R D) can be decrypted by the owner of the blockchain (BC), that is, the node having the authority of the insurance company, the financial company, and the hospital, or own the blockchain. It may be decryptable by a node device of a customer using an insurance company, a financial company, or a hospital. In addition, the header area (HA) is a block hash value (BLH), the private data hash value index (BDT), the first public key (PK1) of the (P _R DH), the binding data (BD) of (P _R D) and It may include the number of integrity verification (VN).

In one embodiment, the block hash value (BLH) acts as an identifier of the data block (DB) and is generated by applying a preset hash algorithm to the hash value of the binding data (BD) having a permission level stored in the data block. You can. As another example, in generating the block hash value BLH, other information stored in the data block BD, such as the hash value (P _R DH) of the private data (P _R D), the index (BDT) of the binding data (BD), and the like. A hash algorithm can also be applied to.

In one embodiment, the hash value of the private data (P _R D) (P _R DH) is to be identifiers of the private data (P _R D) stored in the private data area (P _R A), stored in the private data (P _It may be a hash value for the Merkle tree root generated from _R D). For example, when the first private data to the third private data are stored, a hash value that sums the hash values of the first private data and the hash values of the second private data is generated, and the sum of the hash values of the third private data is added again. The final hash value can be used as the hash value of the private data.

In one embodiment, the index BDT of the binding data may be information indicating the type of the binding data BD stored in the binding data area BA. For example, the index information may include information indicating at least one of data related to the financial industry, data related to the medical industry, and data related to the insurance industry. Further, the index information may include information indicating the level of authority granted to each binding data BD.

In one embodiment, the first public key PK1 may be information used to calculate a decryption key for decrypting the binding region. For example, the first public key PK1 may be provided in a form in which at least a part is disclosed and the other part is not disclosed. Due to this, the unauthenticated node included in the network NW may not know the decryption key, so decryption of the data block DB may be restricted. Also, the degree of disclosure of the first public key PK1 may be changed. For example, when the first public key PK1 has a high degree of disclosure, time and hardware requirements for calculating the decryption key may be reduced compared to the case where the first public key PK1 is disclosed.

In one embodiment, the number of integrity verifications (VN) represents the number of error verifications performed on data blocks or binding data.

In one embodiment, the public area P _B A may include a hash value BDH of the second public key PK2 and binding data BD. For example, the second public key PK2 is information used to determine whether the decryption key obtained using the first public key PK1 is a normal key, and the decryption key calculated with the first public key PK1. If the second public key PK2 is compared and the two keys are the same, it can be determined that a normal key has been obtained. Also, at least a portion of the second public key PK2 may be provided in an unpublished form. For example, decrypting the second public key (PK2) with the encryption key calculated using the first public key (PK1) and decrypting the binding area by calculating the first public key (PK1) and the second public key (PK2) For obtaining an encryption key. This provides a public key that is only partially public rather than the public key that is publicly disclosed in the open blockchain, thereby reducing the hardware resource requirement for data decryption.

In one embodiment, the binding area BA is a plurality of binding keys (BK1, BK2, ..., BKn) and binding data (BK1, BK2, ..., BKn) that can be decrypted with the binding data (BD1, BD2, …, BDn). For example, the plurality of binding keys BK1, BK2, ..., BKn may have different permission levels. In addition, the binding data (BD1, BD2, ..., BDn) is information that can be disclosed to other nodes, and may include information records that cannot be personally identified, such as age, residence, occupation, income level, and asset status. In addition, type information regarding the type of information records included in the binding area may be stored in the public area P _B A.

In one embodiment, the private area (P _R A) may include private data (P _R D) that can only decrypt the generating node that generated the data block (DB). For example, the private data (P _R D) may be decrypted only by a decryption key separately owned by the generating node. For example, the private data (P _R D) is information that should not be disclosed to other nodes, and may include personally identifiable information such as, for example, social security numbers and names.

4 is a diagram illustrating access authority for each node for a data block DB according to an embodiment of the present invention.

Referring to FIG. 4, a plurality of binding data stored in a data block (DB) has respective permission levels, and nodes can access and decrypt only binding data corresponding to their own permission level from the data block (DB). have. For example, the nodes can extract the public key from the header area (HA) of the data block (DB), and decrypt the public area (P _B A) using the extracted public key, thereby having the authority level of the user. You can check the binding data corresponding to.

In one embodiment, the header area (HA) and the public area (P _B A) of the data block (DB) are areas used to identify binding data that nodes can decrypt, and all nodes included in the data processing system (all nodes) ) Is accessible.

In one embodiment, rights from level 1 to level n are defined, and level 1, level 2, and level 3 are respectively the first area BA1, the second area BA2, and the third area BA3 of the binding area BA. ), And level n is assumed to be a level accessible to the entire area of the binding area BA.

Accordingly, the node N _LV1 having level 1 authority accesses the first area BA1 of the binding area BA by analyzing the header area HA and the public area P _B A of the data block DB. It is determined that this possible binding data is included, and the binding data can be decrypted using the binding key stored in the first area. Similarly, each node (N _LV2, N _LV3 ) having the authority of level 2 and level 3 can only decode binding data stored in the second area and the third area of the binding area. In addition, the node (N _LVn ) having the authority of level n can access all regions of the binding region and can decode at least one binding data desired by the node.

In addition, the generation node N _owner who first generated the data block DB may have the highest level of authority for the data block DB. Accordingly, the generation node N _owner may decrypt some binding data or all binding data, and additionally may also decrypt private data stored in the private area P _R A. Although not shown, access to all nodes may be restricted even for at least one binding data stored in the binding area.

5A is an exemplary view for explaining an operation of adding binding data BD in a data block DB according to an embodiment of the present invention, and FIG. 5B deletes binding data BD in the data block DB 5C is an exemplary diagram for explaining the operation of replicating the data block DB, and FIG. 5D is an exemplary diagram for explaining the integrated operation of the data block DB.

In one embodiment, the blockchain has a structure in which a plurality of data blocks are connected to each other, and each data block may include at least one binding data having a permission level. For example, as shown in this exemplary diagram, the first data block DB1 includes three binding data (data A, data B and data C), and the second data block DB2 also has three bindings. Data (data D, data E and data F), the third data block (DB3) includes one binding data (data G), the first data block (DB1), the second data block (DB2) And the third data block DB3 is connected to each other to form a block chain BC.

Referring to FIG. 5A, at least one node that receives a block chain (BC) may add new binding data in a data block. For example, as shown in 510 of FIG. 5A, the node may add binding data H to the first data block DB1 of the previously created blockchain BC. At this time, binding data may be added in consideration of the size of the first data block DB1. For example, when the size of the first data block DB1 exceeds the predetermined size by the addition of the binding data H, the binding data H is divided or compressed according to the predetermined size of the first data block DB1 Can be added as Further, index information indicating the type of the added binding data may be stored in the header of the data block, and the hash of the added binding data may be stored in the public area of the data block. However, this is only an example, and the present invention is not limited thereto. For example, as shown in 520 of FIG. 5A, a new data block DB4 including data H may be generated, and a new chain NC may be formed with the first data block DB1. At this time, the first data block DB1 becomes a parent data block, and the newly added (or derived) data block DB4 becomes a child data block, and information indicating this relationship may be added to each data block. . In addition, index information indicating the type of the binding data and the hash of the added binding data may be stored in the header and the public area of the newly added data block DB4, respectively.

In one embodiment, as opposed to adding binding data in a data block, binding data stored in the data block may be deleted. For example, as illustrated in FIG. 5B, the node stores the data block DB1 composed of data A and data B by deleting the data C stored in the first data block DB1 of the previously created blockchain. You can. In addition, index information indicating the type of the deleted binding data is deleted from the header of the data block, and the hash of the deleted binding data can also be deleted from the public area of the data block.

In one embodiment, at least one node receiving the block chain BC may replicate the previously generated data block DB. For example, as shown in FIG. 5C, a node may copy a portion of data stored in the first data block DB1 of the previously created blockchain to reduce (or derive) the data block compared to the first data block ( DBC) and connect it to the blockchain (BC). For example, as illustrated in 530 of FIG. 5C, a data block (DBC) derived by replicating data C may be connected between the first data block and the second data block. As another example, as shown in 540 of FIG. 5C, a data block (DBC) replicating data C may be generated, and a new chain (NC) may be formed with the first data block (DB1). At this time, the modification index information indicating the type of the duplicated binding data and the modification hash of the duplicated binding data may be stored in the header and the public area of the derived data block, respectively.

In one embodiment, at least one node receiving the blockchain may divide one data block DB previously generated into a plurality of data blocks. For example, as illustrated in 550 of FIG. 5D, the first data block DB1 of the blockchain in which the node is previously generated is a data block DB1-1 including data A and data B and a data block including data C. It can be divided into (DB1-2) and connected to the blockchain (BC) sequentially. As another example, as illustrated in 560 of FIG. 5D, the divided data blocks may be designated as a parent data block and a child data block according to a predetermined rule. For example, the parent data block DB1-1 maintains the existing chain configuration. The child data block DB1-2 may form a new chain NC with the parent data block DB1-1. In this case, according to the division of the data block, index information indicating the type of binding data stored in the header of each block, for example, the parent data block and the child data block, and a hash of the binding data stored in the public area may be updated. .

In one embodiment, as opposed to dividing a data block, a plurality of data blocks may be integrated into one data block. For example, as illustrated in FIG. 5E, the node generates a data block DB12 incorporating the first data block DB1 and the second data block DB2 of the previously created blockchain BC, and the node generates the data block DB12. Can connect to Blockchain (BC). At this time, in the integration of the data block, index information indicating the type of binding data stored in the header of the integrated data block DB12 and a hash of the binding data stored in the public area may be updated.

6 is a block diagram showing the configuration of a node 600 according to an embodiment of the present invention.

Referring to FIG. 6, it may be a client node (see CN1 and CN2 in FIG. 1) or a server node (see SN in FIG. 1) which is a configuration of the node 600 data processing system (see 10 in FIG. 1). In one embodiment, the node 600 may include a block generation unit 602, a storage unit 604 and a communication unit 606.

In one embodiment, the communication unit 606 may establish communication (NW) between at least one other node. For example, the communication unit 606 may form the communication through wireless communication or wired communication. For example, the wireless communication is at least one of LTE, LTE-A (LTE Advance), code division multiple access (CDMA), wideband CDMA (WCDMA), universal mobile telecommunications system (UMTS), or Global System for Mobile Communications (GSM). It may include cellular communication using. Further, the wireless communication may include short-range communication using at least one of WiFi (wireless fidelity), LiFi (light fidelity), Bluetooth, Bluetooth low power (BLE), Zigbee, and near field communication (NFC). You can. In another embodiment, the wired communication is at least any one of a universal serial bus (USB), high definition multimedia interface (HDMI), recommended standard-232 (RS-232), power line communication, or plain old telephone service (POTS) and a system bus. It can contain one.

The storage unit 604 may include various data used by at least one component (eg, the block generation unit 602 or the communication unit 606), for example, input data or output data for software and commands related thereto. Can be saved. The storage unit 604 may include volatile memory or nonvolatile memory. In one embodiment, the storage unit 606 may be a data block DB or at least one memory area in which the block chains BC in which the data blocks DB are connected are stored.

In one embodiment, the block generation unit 602 drives at least one software stored in the node to at least one other component connected to the block generation unit 602 (eg, the storage unit 604, or the communication unit 606) ) Can be controlled, and various data processing and operations can be performed. For example, the block generator 602 may be at least one processor that processes the overall operation of the node.

In one embodiment, the block generator 602 may generate an initial block that is the beginning of the blockchain. The first block stores private data accessible only to the generating node, and a hash value of the encrypted private data may be used as a hash value identifying a block associated with the first block. For example, the block generator 602 may encrypt the private data using the private key held by the node 600, and generate a hash value for each encrypted private data.

In one embodiment, the block generator 602 may generate a data block DB that is a component of the block chain BC. For example, the block generator 600 may include a data block DB including at least one binding data (see BD-1, BD-2, BD-3, BD-4 in FIG. 1) having an authorization level. Can be created. The data block DB may be a data block including information of a user registered in a specific facility, and in this case, a data block DB may be generated whenever a new user is registered in the facility. However, this is only an example, and the present invention is not limited thereto. For example, the data block DB may be periodically generated at regular time intervals (eg, 10 minutes).

In one embodiment, the block generator 602 may request proof of work to other nodes in the network NW to connect the generated data block DB to the blockchain BC. Proof of work means agreeing with another node to update the blockchain with a block of data generated by the generating node. For example, the block generator 602 may request proof of work by transmitting the generated data block DB to other nodes, and verification nodes requested for proof of work are randomly selected from the hash value of the received data block. Nonce values and pre-set verification algorithms can be used to calculate values that satisfy specified conditions. At this time, the verification node may perform arithmetic operations while changing the nonce value until a value satisfying the specified condition is calculated, and the verification node calculating the value satisfying the specified condition may report verification completion to the generating node. have. Also, when the number of verification nodes that have completed verification satisfies the specified number, the block generation unit 602 may update the block chain BC by linking the generated data blocks with a chain.

In one embodiment, the block generation unit 602 may process the pre-generated chain BC. Processing the block chain BC may include adding at least one binding data BD to at least one data block DB that is an element of the block chain BC. In addition, processing of at least one of deletion of at least one binding data (BD) included in the data block (DB), reduction replication of the previously generated data block (DB), and integration of the previously generated data block (DB) You can also see it as action. In one embodiment, the block generator 602 may change header information of the processed data block DB. For example, the information indicating the hash value of the changed binding data BD and the type of the changed binding data BD according to deletion or addition of the binding data BD is a public area of the data block (refer to the BDH field in FIG. 3). And a header area of a data block (for example, see the BDT field in FIG. 3).

In one embodiment, the block generation unit 602 may store the processed data block DB in the storage unit 604 or transmit it to another authenticated node connected to the network NW. At this time, another authenticated node may include a server node and a different client node, and they may store the received data block in the storage unit. Also, at least one node (for example, a server node) may store a processed data block and a data block before processing. Due to this, it is possible to prevent a part of the binding data stored in the first data block from being permanently deleted by the machining operation.

In one embodiment, the block generator 602 may transmit at least some data blocks DB constituting the block chain BC to other nodes. At this time, when the block generation unit 602 receives a transaction including information about the requested data from another node, the block generation unit 602 analyzes the header of the data block DB stored in the storage unit 604 to analyze the data block corresponding to the transaction (DB ) To send it to the requesting node.

As described above, the node storing the data block (DB) can save hardware resources required for decryption compared to the method of decrypting the entire block chain by decrypting only part of the block chain when decrypting the data block (DB). have. However, this is only exemplary, and the present invention is not limited thereto. For example, some data blocks DB are one data block DB formed only of binding data BD having a permission level that does not correspond to the authority of a node among the binding data BD included in the blockchain BC Can be The node storing the above-described data block DB cannot decrypt the data block DB having no authority level for decrypting the data block DB, but the above-described data block DB is another node capable of decryption. By providing, it can save network resources compared to the existing method of providing the entire blockchain (BC).

7 is a flowchart illustrating an operation of generating a data block DB according to an embodiment of the present invention. The data block DB may be generated by a client node (see CN1 and CN2 in FIG. 1) and a server node (see SN in FIG. 1) included in the data processing system 10, and the data block (DB ) Is referred to as a 'creation node' for convenience of description.

Referring to FIG. 7, the generation node may determine binding data BD (or extended data) and decryption permission level to be added to the data block DB (S10). The binding data BD may be data to which a certain level of authority level is granted so that decryption is possible only at a node having a specified authority level.

Thereafter, the generating node may encrypt the binding data BD using the encryption key BK corresponding to the permission level (S12). The generating node may have a plurality of encryption keys having different authority levels, and among these encryption keys, a key corresponding to the authority level to be granted to the binding data BD may be obtained.

Thereafter, the generating node may generate the data block DB using the binding data BD and the encryption key BK (S14). As described above with reference to FIG. 3, the binding data BD and the encryption key BK may be added to the binding area BA of the data block DB. In addition, the generating node may add private data (P _R D) that only the generating node itself can decrypt in addition to the binding data BD in the data block DB, and describe the data added to the data block DB. Header information including information (eg, hash value, data type, etc.) may be generated.

8 is a flowchart illustrating an operation of decoding a data block DB according to an embodiment of the present invention. The data block DB may be decrypted by a client node and a server node included in the data processing system 10, and in the following description, a node for decrypting the data block DB will be referred to as a 'receiving node' for convenience of description. .

Referring to FIG. 8, the receiving node may receive the data block DB through the network NW (S20). For example, the receiving node may generate a transaction requesting the binding data BD, transmit it to the nodes included in the network NW, and receive a data block DB corresponding to the transaction. For example, the transaction may include the authority level of the receiving node, category information of the binding data BD required by the receiving node, and the like.

Thereafter, the receiving node may check the binding data BD by decoding at least a part of the received data block DB (see BDH field in FIG. 3) (S22).

Thereafter, the receiving node determines whether binding data BD corresponding to the authority level of the receiving node among binding data BD included in the data block DB, for example, decryptable binding data BD exists. It can be judged (S24).

If the binding data BD corresponding to the authority level does not exist in the data block DB, the receiving node may end the decoding operation of the data block DB.

When the binding data BD corresponding to the authority level exists in the data block DB, the receiving node can decrypt only the binding data BD corresponding to the authority level in the data block DB (S26).

9 is a flowchart illustrating an operation of providing a data block DB according to an embodiment of the present invention. The data block DB may be provided to other nodes by a client node and a server node included in the data processing system 10, and the node providing the data block DB in the following description is provided as a 'providing node' for convenience of description. It is referred to as.

Referring to FIG. 9, the providing node may receive a data block request through a network (NW) (S30). For example, a transaction including the authorization level of the requesting node and category information of binding data BD required by the requesting node may be received.

Thereafter, the providing node may analyze the header of the stored data block DB to search for a data block DB corresponding to the transaction (S32).

When the data block DB corresponding to the transaction is searched, the providing node may provide the searched data block DB as the requesting node (S34).

If the data block DB corresponding to the transaction is not searched, the providing node may request sharing of the data block DB with the upper node (eg, a server node) (S36). For example, the providing node generates a transaction including the authorization level of the requesting node, category information of the binding data (BD) required by the requesting node, and transmits the transaction to the parent node, and transmits the data block (DB) from the parent node. It can be received and forwarded to the requesting node. As another example, the providing node may add the address of the requesting node to the transaction and transmit it to the parent node. In this case, the upper node may search the data block DB corresponding to the transaction and directly transmit it to the requesting node without going through the providing node.

10 is a flowchart illustrating an operation of verifying a data block DB according to an embodiment of the present invention. The data block DB may be verified by a client node and a server node included in the data processing system 10, and in the following description, a node for verifying the data block DB will be referred to as a 'verification node' for convenience of description. .

Referring to FIG. 10, the verification node may receive a data block verification request through a network (NW). For example, to receive a transaction that includes information of a data block (DB) that requires verification (eg, block hash), information of binding data (BD), which needs verification, (eg, hash of binding data), and the like. It can be (S40).

Thereafter, the verification node may obtain a data block DB requiring verification by analyzing the transaction (S42). For example, the verification node may obtain the data block DB corresponding to the transaction by checking the hash value of the stored data block DB.

Thereafter, the verification node may decrypt and verify the binding data BD that needs to be verified in the data block DB (S44). For example, the verification node may apply the hash algorithm by decrypting the binding data BD corresponding to the transaction. In addition, the verification node may complete verification by comparing the result of the hash algorithm with the hash value (see BDH of FIG. 3) of the binding data included in the data block DB. At this time, if the result of the hash algorithm matches the hash value of the binding data, the integrity of the data block DB is verified. In addition, the verification node may write information (see VN in FIG. 3) indicating that verification is completed in the corresponding data block DB after completing verification.

Part or all of a device (or module) or method (eg, step) according to the present invention is stored in a computer-readable storage media (eg, a storage unit of a node) in the form of a program module. It can be implemented with a set of storable instructions, hardware, or a combination thereof. The instructions may be executed by hardware including one or more processors, such as a microchip, and the one or more processors may perform functions corresponding to the instructions.

The present invention described above is not limited to the above-described embodiments and the accompanying drawings, and various substitutions, modifications, and changes are possible within the scope of the technical spirit of the present invention. It will be clear to those who have the knowledge of

Claims (33)

As a method of generating a block of data that constitutes a block chain and is shared between a plurality of nodes,
Obtaining at least one binding data having public or private properties;
Determining a binding key having a decryption authority level for each binding data;
Encrypting the binding data using the binding key; And
Generating a data block including at least a portion of the encrypted binding data and the binding key,
The data block includes authorization level indication information indicating a decryption authorization level assigned to each binding data included in the data block,
The node extracts binding data corresponding to the decryption authorization level of the node from the data block based on the authorization level indication information, and generates a data block for decrypting the extracted binding data. According to claim 1,
The data block,
A header area including index information indicating the type of the at least one binding data, a public area in which a hash value of the at least one binding data stored in the data block is stored, at least a part of the encrypted binding data and the binding key A method of generating a data block including a binding area in which storage is stored and a private area in which encrypted private data is stored. According to claim 2,
The header area further includes at least one of a hash value of the encrypted private area, at least a portion of a first public key that restricts access of an unauthorized node to the data block, and an integrity verification count of the data block How to create blocks. According to claim 2,
The public area includes a data block including a public data including type information about a type of information records included in the data block and a second public key including at least a part of an encryption key for decrypting the public data. How to create. The method of claim 4,
The second public key is used to verify the first public key retrieved from at least a portion of the first public key,
The second public key is a method of generating a data block including at least a part or all of the searched first public key. According to claim 2,
Further comprising the step of additionally storing at least one extended data in the binding area of the data block,
The binding key corresponds to a decryption authorization level, and the at least one extension data is encrypted according to the decryption authorization level. The method of claim 6,
The step of additionally storing the extended data,
Storing index information indicating the type of the extended data in the header area;
And storing a hash value of the extended data in the public area. According to claim 2,
Further comprising the step of reducing the data block to generate a derived data block,
The step of generating the derived data block,
Storing selected binding data among the at least one binding data stored in the binding area of the data block and a binding key corresponding to the selected binding data in a derived binding data area;
Storing modified index information indicating the type of the selected binding data in a derived header area;
And storing the modified hash value of the selected binding data in a derived public area. According to claim 2,
The index information is a method of generating a data block including at least one of finance, health, insurance, education and finance. As a method of processing a block of data constituting a block chain and shared among a plurality of nodes,
Receiving an encrypted data block having a binding area comprising at least one binding data having public or private characteristics and at least a portion of a binding key having a decryption authority level for each binding data;
Checking the binding data accessible according to a decryption authority level for the binding data;
Extracting at least a portion of a binding key for the identified binding data;
Decrypting the binding data using at least a portion of the extracted binding key,
The data block includes authorization level indication information indicating a decryption authorization level assigned to each binding data included in the data block,
The node extracts binding data corresponding to the decoding authority level of the node from the data block based on the authority level indication information, and processes the data block to decode the extracted binding data. The method of claim 10,
Decoding the binding data, using at least a portion of the extracted binding key,
Retrieving the entire contents of the binding key from at least a portion of the extracted binding key; And
And decrypting the binding data using the retrieved binding key. The method of claim 10,
Index information indicating the type of the at least one binding data, a hash value of the private area of the data block, at least a portion of a first public key that restricts access of an unauthorized node to the data block, and integrity verification of the data block Decoding a header area including at least one of the number of times; And
Based on the information of the decrypted header area, public data including a hash value of the binding area matching the type of information included in the data block and the information type, and an encryption key for decrypting the public data And decoding a public area including a second public key including at least a portion of the data block. The method of claim 12,
And retrieving the entire contents of the first public key from at least a portion of the first public key,
And comparing the retrieved first public key with at least a portion of the retrieved first public key, and verifying the retrieved first public key. The method of claim 12,
And confirming the type of the binding data through the index information. The method of claim 12,
And confirming the type of the information record included in the data block. The method of claim 12,
And comparing the hash value of the binding region with the hash value of the decrypted binding data to verify the decrypted binding data. The method of claim 12,
Further comprising the step of additionally storing at least one extended data in the binding area of the data block,
The binding key corresponds to a decryption authorization level, and the at least one extended data is encrypted according to the decryption authorization level. The method of claim 17,
The step of additionally storing the extended data,
Storing index information indicating the type of the extended data in the header area;
And storing a hash value of the extended data in the public area. The method of claim 10,
Further comprising the step of reducing the data block to generate a derived data block,
The step of generating the derived data block,
Storing selected binding data among the at least one binding data stored in the binding area of the data block and a binding key corresponding to the selected data in a derived binding data area;
Storing modified index information indicating the type of the selected binding data in a derived header area;
And storing the modified hash value of the selected binding data in a derived public area. The method of claim 10,
And decrypting and verifying at least one binding data among the binding data stored in the binding area of the data block. In the block chain structure, in the device using the structure of the data block,
Multiplex decryption authority for the encrypted information in the data block structure,
The data block structure includes a header area, a public area, a binding area, and a private area,
The header area includes index information indicating the type of the binding area, a hash value of the private area, at least a portion of a first public key that restricts access of an unauthorized node to the data block, and the number of times of integrity verification of the data block. At least one,
The public area matches public data including type information regarding a type of information records included in the data block, a second public key including at least a part of an encryption key for decrypting the public data, and the type information It includes at least one of the hash value of the binding region,
The binding area includes at least one binding data having public or private characteristics and at least one binding key having a decryption authority level for the at least one binding data,
The at least one binding data and the at least one binding key form a pair,
The private area includes private data that can be decrypted by the device and a hash value of the private data,
The index information of the header area includes permission level indication information indicating a decryption permission level given to each binding data included in the data block,
The device extracts binding data corresponding to the decryption permission level of the device from the data block generated based on the permission level indication information, and uses a structure of a data block that decrypts the extracted binding data. Memory; And a data block processing node comprising at least one processor,
The processor,
Receiving an encrypted data block having a binding area comprising at least one binding data having public or private characteristics and at least a portion of a binding key having a decryption authority level for each binding data, and decrypting the binding data Check the binding data accessible according to the permission level, extract at least a portion of the binding key for the identified binding data, decrypt the binding data using at least a portion of the extracted binding key,
The data block includes authorization level indication information indicating a decryption authorization level assigned to each binding data included in the data block,
The data block processing node extracts binding data corresponding to the decryption permission level of the data block processing node from the data block based on the permission level indication information, and decodes the extracted binding data. The method of claim 22,
The processor,
A data block processing node that retrieves the entire contents of the binding key from at least a portion of the extracted binding key, and decrypts the binding data using the retrieved binding key. The method of claim 23,
The processor,
Index information indicating the type of the at least one binding data, a hash value of the private area of the data block, at least a portion of a first public key that restricts access of an unauthorized node to the data block, and integrity verification of the data block A header area including at least one of the number of times is decoded, and based on the decoded header area information, a hash value of the binding area matching the type of information included in the data block and the type of information is determined. A data block processing node for decrypting a public area including a second public key including at least a part of an encryption key for decrypting the public data and the public data. The method of claim 24,
The processor,
Search the entire contents of the first public key from at least a portion of the first public key, compare at least a portion of the searched first public key with at least a portion of the second public key, and search the searched first public key. Data block processing node to verify. The method of claim 24,
The processor,
A data block processing node that identifies the type of the binding data through the index information. The method of claim 24,
The processor is a data block processing node that identifies a type of information record included in the data block. The method of claim 24,
The processor is a data block processing node that verifies the decrypted binding data by comparing a hash value of the binding region with a hash value of the decrypted binding data. The method of claim 24,
The processor further stores at least one extension data in the binding area of the data block,
The binding key corresponds to a decryption authorization level, and the at least one extended data is encrypted according to the decryption authorization level. The method of claim 29,
The processor,
A data block processing node that stores index information indicating the type of the extended data in the header area, and stores a hash value of the extended data in the public area. The method of claim 22,
The processor generates a derived data block by shrinking the data block, and derives a binding key selected from among the at least one binding data stored in the binding area of the data block and a binding key corresponding to the selected data. A data block processing node that stores the modified index information indicating the type of the selected binding data in the derived header area, and stores the modified hash value of the selected binding data in the derived public area. The method of claim 22,
The processor,
A data block processing node for decoding and verifying at least one binding data among binding data stored in the binding area of the data block. In a data processing system that configures a block chain and is shared among a plurality of nodes,
Acquiring at least one binding data having public or private properties, determining a binding key having a decryption authority level for each binding data, using the binding key to encrypt the binding data, and the encrypted binding A data block generation node generating a data block including at least a portion of data and the binding key; And
An encrypted data block including at least one binding data having the public or private property and at least a portion of a binding key having a decryption authorization level for each binding data, and receiving a decryption authorization level for the binding data. And a data block processing node that checks the accessible binding data, extracts at least a portion of the binding key for the identified binding data, and decrypts the binding data using at least a portion of the extracted binding key. ,
The data block includes authorization level indication information indicating a decryption authorization level assigned to each binding data included in the data block,
The data block processing node extracts binding data corresponding to the decryption permission level of the data block processing node from the data block based on the permission level indication information, and decodes the extracted binding data.

Images